WP-Safety

AWCA – The Great Analytics Insights for Your eStore Security & Risk Analysis

wordpress.org/plugins/advance-wc-analytics

Provides Google Analytics Integration for WooCommerce eStore. It provides detailed insights & powerful independent reports for WooCommerce website.

3K active installs v3.19.0 PHP 7.0+ WP 5.0+ Updated Jan 29, 2026
analytics-insightsgoogle-analyticsgoogle-analytics-dashboardwoocommece-analyticswoocommerce
78
B · Generally Safe
CVEs total1
Unpatched1
Last CVEFeb 5, 2026
Download
Safety Verdict

Is AWCA – The Great Analytics Insights for Your eStore Safe to Use in 2026?

Mostly Safe

Score 78/100

AWCA – The Great Analytics Insights for Your eStore is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Feb 5, 2026Updated 2mo ago
Risk Assessment

The "advance-wc-analytics" plugin v3.19.0 presents a mixed security posture. On one hand, it demonstrates good practices by utilizing prepared statements for all SQL queries and implementing a reasonable number of nonce checks. The absence of shortcodes, cron events, and REST API routes as entry points, along with the explicit mention of no unprotected AJAX handlers, suggests an effort to limit the attack surface. However, a significant concern lies in the output escaping, where only 33% of outputs are properly escaped, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities. The presence of 6 flows with unsanitized paths in the taint analysis, although not categorized as critical or high severity, warrants attention as these could represent potential injection points or insecure data handling.

The vulnerability history of this plugin is particularly concerning. A total of one known CVE exists, and it remains unpatched. This single vulnerability is of medium severity and is categorized as Missing Authorization. The fact that this vulnerability is recent (2026-02-05) and unpatched strongly suggests a lack of timely security patching and potentially ongoing authorization issues within the plugin's codebase. This pattern indicates a risk of future similar vulnerabilities, especially related to authorization, and a general complacency in addressing known security flaws.

In conclusion, while "advance-wc-analytics" v3.19.0 has strengths in its database interaction and some basic security checks, the high percentage of unescaped output and the unpatched medium severity CVE related to missing authorization are significant weaknesses. The taint analysis further raises flags about potentially insecure data flows. Users should exercise caution, and the developers should prioritize addressing the unpatched vulnerability and improving output sanitization to mitigate the identified risks.

Key Concerns

  • Unpatched CVE (medium severity)
  • Low percentage of properly escaped output (33%)
  • Flows with unsanitized paths in taint analysis (6)
  • Bundled library: Freemius v1.0 (potentially outdated)
Vulnerabilities
1

AWCA – The Great Analytics Insights for Your eStore Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-68032medium · 4.3Missing Authorization

Advanced WC Analytics <= 3.19.0 - Missing Authorization to Unauthenticated Settings Update

Feb 5, 2026Unpatched
Code Analysis
Analyzed Mar 16, 2026

AWCA – The Great Analytics Insights for Your eStore Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
84
42 escaped
Nonce Checks
10
Capability Checks
0
File Operations
0
External Requests
4
Bundled Libraries
1

Bundled Libraries

Freemius1.0

Output Escaping

33% escaped126 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

9 flows6 with unsanitized paths
tab_update (main\class-awca-auth.php:905)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

AWCA – The Great Analytics Insights for Your eStore Attack Surface

Entry Points8
Unprotected0

AJAX Handlers 8

authwp_ajax_awca_hide_review_noticemain\class-awca-admin.php:23
noprivwp_ajax_awca_hide_review_noticemain\class-awca-admin.php:24
authwp_ajax_web_awca_un_linkmain\class-awca-auth.php:29
noprivwp_ajax_web_awca_un_linkmain\class-awca-auth.php:30
authwp_ajax_web_awca_tab_updatemain\class-awca-auth.php:31
noprivwp_ajax_web_awca_tab_updatemain\class-awca-auth.php:32
authwp_ajax_web_awca_revoke_accessmain\class-awca-auth.php:33
noprivwp_ajax_web_awca_revoke_accessmain\class-awca-auth.php:34
WordPress Hooks 19
actionbefore_woocommerce_initadvance-wc-analytics.php:83
actionadmin_noticesadvance-wc-analytics.php:183
actionplugins_loadedadvance-wc-analytics.php:193
actionadmin_enqueue_scriptsmain\class-awca-admin.php:17
actionadmin_menumain\class-awca-admin.php:19
actionadmin_noticesmain\class-awca-admin.php:21
actionwp_footermain\class-awca-admin.php:27
actionadmin_footermain\class-awca-admin.php:28
actioninitmain\class-awca-auth.php:28
actionadmin_enqueue_scriptsmain\class-awca-auth.php:35
actionplugins_loadedmain\class-awca-auth.php:36
actionwp_dashboard_setupmain\class-awca-auth.php:37
actiontemplate_redirectmain\class-awca-auth.php:38
actionwp_headmain\class-awca-main.php:66
actionadmin_headmain\class-awca-main.php:67
actionlogin_headmain\class-awca-main.php:68
actionwp_enqueue_scriptsmain\class-awca-main.php:69
actionwp_footermain\class-awca-main.php:70
actionwoocommerce_before_shop_loop_itemmain\class-awca-main.php:71
Maintenance & Trust

AWCA – The Great Analytics Insights for Your eStore Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 29, 2026
PHP min version7.0
Downloads67K

Community Trust

Rating94/100
Number of ratings23
Active installs3K
Alternatives

AWCA – The Great Analytics Insights for Your eStore Alternatives

GA4WP – Analytics Dashboard for the Website

GA4WP – Analytics Dashboard for the Website

ga-for-wp

C
56

Google Analytics Dashboard for WordPress Plugin by GA4WP is Lightweight, Easy to connect and comes with plenty of great features.

2K 2 unpatched
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

google-analytics-for-wordpress

A
96

The best free Google Analytics plugin for WordPress. See how visitors find and use your website so you can grow your business with powerful analytics.

2.0M 10 CVEs
ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin)

ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin)

google-analytics-dashboard-for-wp

A
90

Connects Google Analytics with your WordPress site. Displays stats to help you understand your users and site content on a whole new level!

300K 5 CVEs
Google Analytics for WooCommerce

Google Analytics for WooCommerce

woocommerce-google-analytics-integration

A
100

Provides integration between Google Analytics and WooCommerce.

200K No CVEs
Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing

Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing

woocommerce-google-adwords-conversion-tracking-tag

A
95

Conversion tracking for WooCommerce. Google Ads, GA4, Meta/Facebook Pixel, TikTok & more. Recover 30% more conversions with server-side tracking!

50K 4 CVEs
Developer Profile

AWCA – The Great Analytics Insights for Your eStore Developer Profile

Passionate Brains

4 plugins · 8K total installs

64
trust score
Avg Security Score
78/100
Avg Patch Time
327 days
View full developer profile
Detection Fingerprints

How We Detect AWCA – The Great Analytics Insights for Your eStore

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/advance-wc-analytics/assets/css/backend.css/wp-content/plugins/advance-wc-analytics/assets/js/backend.js/wp-content/plugins/advance-wc-analytics/assets/js/backend-script.js/wp-content/plugins/advance-wc-analytics/assets/css/chart.css/wp-content/plugins/advance-wc-analytics/assets/js/chart.js/wp-content/plugins/advance-wc-analytics/assets/css/daterangepicker.css/wp-content/plugins/advance-wc-analytics/assets/js/daterangepicker.js/wp-content/plugins/advance-wc-analytics/assets/js/moment.min.js+30 more
Script Paths
/wp-content/plugins/advance-wc-analytics/assets/js/backend.js/wp-content/plugins/advance-wc-analytics/assets/js/backend-script.js/wp-content/plugins/advance-wc-analytics/assets/js/chart.js/wp-content/plugins/advance-wc-analytics/assets/js/daterangepicker.js/wp-content/plugins/advance-wc-analytics/assets/js/moment.min.js/wp-content/plugins/advance-wc-analytics/assets/js/chart-custom.js+22 more
Version Parameters
advance-wc-analytics/assets/css/backend.css?ver=advance-wc-analytics/assets/js/backend.js?ver=advance-wc-analytics/assets/js/backend-script.js?ver=advance-wc-analytics/assets/css/chart.css?ver=advance-wc-analytics/assets/js/chart.js?ver=advance-wc-analytics/assets/css/daterangepicker.css?ver=advance-wc-analytics/assets/js/daterangepicker.js?ver=advance-wc-analytics/assets/js/moment.min.js?ver=advance-wc-analytics/assets/js/chart-custom.js?ver=advance-wc-analytics/assets/css/custom.css?ver=advance-wc-analytics/assets/js/custom.js?ver=advance-wc-analytics/assets/js/vendor/Chart.min.js?ver=advance-wc-analytics/assets/js/vendor/echarts.min.js?ver=advance-wc-analytics/assets/js/vendor/qrcode.js?ver=advance-wc-analytics/assets/js/vendor/select2.min.js?ver=advance-wc-analytics/assets/css/vendor/select2.min.css?ver=advance-wc-analytics/assets/css/vendor/jquery.dataTables.min.css?ver=advance-wc-analytics/assets/js/vendor/jquery.dataTables.min.js?ver=advance-wc-analytics/assets/js/vendor/dataTables.buttons.min.js?ver=advance-wc-analytics/assets/js/vendor/buttons.flash.min.js?ver=advance-wc-analytics/assets/js/vendor/jszip.min.js?ver=advance-wc-analytics/assets/js/vendor/pdfmake.min.js?ver=advance-wc-analytics/assets/js/vendor/vfs_fonts.js?ver=advance-wc-analytics/assets/js/vendor/buttons.html5.min.js?ver=advance-wc-analytics/assets/js/vendor/buttons.print.min.js?ver=advance-wc-analytics/assets/js/vendor/dataTables.select.min.js?ver=advance-wc-analytics/assets/js/vendor/jquery.validate.min.js?ver=advance-wc-analytics/assets/js/vendor/jquery.form.min.js?ver=advance-wc-analytics/assets/js/vendor/jquery-ui.min.js?ver=advance-wc-analytics/assets/css/vendor/jquery-ui.min.css?ver=advance-wc-analytics/assets/css/vendor/bootstrap.min.css?ver=advance-wc-analytics/assets/js/vendor/bootstrap.min.js?ver=advance-wc-analytics/assets/js/vendor/tippy.all.min.js?ver=advance-wc-analytics/assets/css/vendor/tippy.all.min.css?ver=advance-wc-analytics/assets/js/admin-script.js?ver=advance-wc-analytics/assets/css/custom-dashboard.css?ver=advance-wc-analytics/assets/js/custom-dashboard.js?ver=advance-wc-analytics/assets/js/vendor/Chart.bundle.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
awca_report_widgetawca_single_line_chartawca_multiple_line_chartawca_order_dateawca_order_idawca_customer_nameawca_product_nameawca_product_sku+21 more
HTML Comments
<!-- AWCA --BEGINNING OF PLUGIN--><!-- AWCA --END OF PLUGIN--><!-- AWCA: Start Admin Notices --><!-- AWCA: End Admin Notices -->
Data Attributes
data-chart-typedata-chart-datadata-chart-optionsdata-titledata-toggledata-target+7 more
JS Globals
AWCA_DASHBOARD_DATAAWCA_CHART_OPTIONSAWCA_DATE_RANGE_PICKER_OPTIONSAWCA_ORDERS_TABLE_OPTIONSAWCA_CUSTOMERS_TABLE_OPTIONSAWCA_PRODUCTS_TABLE_OPTIONS+10 more
REST Endpoints
/wp-json/advance-wc-analytics/v1/reports/wp-json/advance-wc-analytics/v1/settings/wp-json/advance-wc-analytics/v1/sync/wp-json/advance-wc-analytics/v1/review_notice/wp-json/advance-wc-analytics/v1/update-settings
FAQ

Frequently Asked Questions about AWCA – The Great Analytics Insights for Your eStore